Application Serial No. 10/609,011 

(Atty. Docket No. 004770.00133) 

Listing of the Claims 

1. (Currently amended) A method for implementing secure communication, comprising:
(a) receiving instructions to initiate a process for creating a secure communication link to
a remote device initiating a connection via a publicly accessible network from a wireless device,
wherein

the wireless device includes an unprovisioned virtual private network (VPN)
program and an unprovisioned automatic content updating (ACU) program, and

the ACU program is configured, upon provisioning, to communicate with one or
more remotely-located devices on behalf of at least one additional program that is distinct from
the ACU and VPN programs;

(b) determining, in response to the instructions received in step (a), whether at least one
local application program used to create the secure communication link is configured;

(c) initiating, based on the instructions received in step (a), a second process for
accessing a database over the publicly accessible network;

(d)(b) receiving, in the wireless device and using the connection, response to step (c) and
if the at least one local application program is not configured, configuration information for
provisioning the at least one ACU program;

(e)(c) configuring provisioning the at least one ACU program based upon the
configuration information received in step (d)(b); and

(d) receiving in the wireless device, via the publicly accessible network and using the
provisioned ACU program, information for provisioning the VPN program;

(e) provisioning the VPN program based upon the information received in step (d); and

(f) creating the a secure communication link based on the configuration using the provisioned
VPN program.

2. (Currently amended) The method of claim 1, wherein

the secure communication link is a VPN connection, and

the information received in step (d)(b) comprises at least one of a public/private
key pair and a an ACU certificate corresponding to the wireless device and the information
received in step (d) comprises a VPN certificate corresponding to the wireless device.

3. (Currently amended) The method of claim 1, further comprising: 

(g) determining whether an update to the at least one VPN application program is 
available; 

(h) receiving the update; and 

(i) implementing the update. 

4. (Canceled) 

5. (Currently amended) The method of claim 1, wherein step (d) comprises receiving a
generic VPN policy without PKI data, and further comprising:

(g) generating PKI data and a corresponding certificate enrollment request;

(h)(g) sending, prior to step (d), a the certificate enrollment request to the remote device
for forwarding to an external certification authority (CA); and

(i) receiving a certificate.

6. (Canceled) 

7. (Canceled) 

8. (Currently amended) The method of claim 11, wherein the ACU application contains
information about application programs in addition to the at least one local application program
used to create the secure communication link; and further comprising:

(g) determining whether an update is available for the at least one of the additional
application programs; program: and

(h) receiving an update for the at least one additional application program.

9. (Canceled) 

10. (Currently amended) The method of claim wherein the ACU application contains
information about application programs in addition to the at least one local application program
used to create the secure communication link, and further comprising:

(g) fetching, from one of the one or more remotely-located devices, content or content
metadata applicable to the at least one of the additional application programs; program; and

(h) storing, by the at least one additional application program, the fetched content or
content metadata.

11. (Currently amended) The method of claim wherein the ACU application program 
communicates using a SyncML protocol. 

12. (Currently amended) The method of claim 71, further comprising:

(g) storing, in a configuration record for at least one the VPN application program, an
Internet Access Point (IAP) to be used when communicating with one of the one or more a
remotely-located devices on behalf of the at least one VPN application program.

13. (Currently amended) The method of claim 21, wherein the ACU application program
communicates using a simple request-response protocol, and wherein a protocol transaction 
consists of a single request-response pair. 

14. (Currently amended) The method of claim 71, wherein the ACU application contains
information about application programs in addition to the at least one local application program
used to create the secure communication link, and further comprising:

(g) fetching, from one of the one or more remotely-located devices, content metadata
applicable to the at least one of the additional application programs: program:

(h) comparing fetched metadata to locally stored metadata; and

(i) fetching new or updated content from the one of the one or more remotely-located
devices based upon the comparison.

15. (Currently amended) The method of claim 14, wherein the ACU application program
includes in fetch requests in steps (g) and (i) content identifications (IDs) required by the one of
the one or more remotely-located devices remote device.

16. (Currently amended) The method of claim 71, wherein the ACU application contains
information about application programs in addition to the at least one local application program
used to create the secure communication link, and further comprising:

(g) fetching, from multiple databases in one of the one or more the remotely-located
devices, metadata about multiple types of content.

17. (Currently amended) The method of claim 71, wherein

the ACU application contains information about application programs in addition
to the at least one local application program used to create the secure communication link, and

the ACU application program transmits requests containing properties used by
one of the one or more remotely-located devices to filter requests.

18. (Currently amended) The method of claim 71, wherein messages generated by the ACU 
application program and communicated to one of the one or more remotely-located devices
include a message identifier, a target database identifier, and a security level.

19. (Currently amended) The method of claim 18, wherein a first security level is required to
receive configuration information for the at least one VPN program and a second security level is
required to receive another type of information.

20. (Currently amended) The method of claim 18, wherein at least one message generated by
the ACU application program includes an element indicating that a the at least one message is
the a last message relating to a specific task.

21. (Currently amended) The method of claim 18, wherein the ACU application program 
requests configuration information in a single message. 

22. (Currently amended) The method of claim ^JJurther comprising, upon receipt of a first 
response from the remote device prior to step (b):

(g) validating and storing a returned certificate corresponding to one of the one or more
remotely-located devices so as to create a trust relationship with the that remotely-located device.

23. (Currently amended) The method of claim 22, further comprising:

(h) using the returned certificate stored in step (g) to validate subsequent responses from
the that remotely-located device.



24. (Currently amended) The method of claim 23, wherein: 

the returned certificate corresponding to the one of the one or more
remotely-located devices is validated based on a hash calculated over the an entire ACU message
resulting in the first response from the remote device, except for a signature element of the that
ACU message,

the hash is signed with a private key held by the one of the one or more
remotely-located devices remote device, and

the corresponding certificate corresponding to the one of the one or more
remotely-located devices is included in the a first response from the one of the one or more
remotely-located devices and is used by the recipient wireless device to verify the signature and
identify and authenticate the a sender.

25. (Currently amended) An apparatus device for secure communication with a server via a
publicly accessible network, comprising:

a transceiver configured to provide a wireless an interface to a publicly accessible
network; and

a processor configured to perform steps comprising: that include

(a) receiving instructions to initiate a process for creating a secure communication link to
a remote device initiating a connection via a the publicly accessible network: network, wherein

the apparatus includes an unprovisioned virtual private network (VPN) program
and an unprovisioned automatic content updating (ACU) program, and

the ACU program is configured, upon provisioning, to communicate with one or
more remotely-located devices on behalf of at least one additional program that is distinct from
the ACU and VPN programs,

(b) determining, in response to the instructions received in step (a), whether at least one
local application program used to create the secure communication link is configured;

(c) initiating, based on the instructions received in step (a), a second process for
accessing a database over the publicly accessible network;

(d)(b) receiving, in response to step (c) and if the at least one local application program
is not configured using the connection, configuration information for provisioning the at least
one ACU program, program:

(e)(c) configuring the at least one provisioning the ACU program based upon the
configuration information received in step (d)(b), and

(d) receiving, via the publicly accessible network and using the provisioned ACU
program, information for provisioning the VPN program,

(e) provisioning the VPN program based upon the information received in step (d), and

(f) creating the a secure communication link based on the configuration using the
provisioned VPN program.

26. (Currently amended) The apparatus device of claim 25, wherein

the secure communication link is a VPN connection, and

the information received in step (d)(b) comprises at least one of a public/private
key pair and a an ACU certificate corresponding to the apparatus and information received in step
(d) comprises a VPN certificate corresponding to the apparatus.

27. (Currently amended) The apparatus device of claim 25, wherein the processor is further
configured to perform steps comprising: that include

(g) determining whether an update to the at least one VPN application program is
available; available,

(h) receiving the update; update, and

(i) implementing the update. 

28. (Canceled) 

29. (Currently amended) The apparatus device of claim +25, wherein step (d) comprises
receiving a generic VPN policy without PKI data, and wherein the processor is further
configured to perform steps comprising: that include

(g) generating PKI data and a corresponding certificate enrollment request;

(h)(g) sending, prior to step (d), a the certificate enrollment request to the remote device
for forwarding to an external certification authority (CA). and

(i) receiving a certificate.

30. (Canceled) 

31. (Canceled)

32. (Currently amended) The apparatus device of claim 34-25, wherein the ACU application
contains information about application programs in addition to the at least one local application
program used to create the secure communication link, and wherein the processor is further
configured to perform steps comprising: that include

(g) determining whether an update is available for the at least one of the additional
application programs: program, and

(h) receiving an update for the at least one additional application program.

33. (Canceled) 

34. (Currently amended) The apparatus device of claim 34-25, wherein the ACU application
contains information about application programs in addition to the at least one local application
program used to create the secure communication link, and wherein the processor is further
configured to perform steps comprising: that include

(g) fetching, from one of the one or more remotely-located devices, content or content
metadata applicable to the at least one of the additional application programs; program, and

(h) storing, by the at least one additional application program, the fetched content or
content metadata.

35. (Currently amended) The apparatus device of claim 34-25, wherein the ACU
application program communicates using a SyncML protocol.

36. (Currently amended) The apparatus device of claim 34-25, wherein the processor is
further configured to perform steps comprising: that include

(g) storing, in a configuration record for at least one the VPN application program, an
Internet Access Point (IAP) to be used when communicating with one of the one or more a
remotely-located devices on behalf of the at least one VPN application program.



37. (Currently amended) The apparatus device of claim 54-25, wherein the ACU application
program communicates using a simple request-response protocol, and wherein a protocol 
transaction consists of a single request-response pair. 

38. (Currently amended) The apparatus device of claim 34-25, wherein the ACU application

program used to create the secure communication link, and wherein the processor is further
configured to perform steps comprising: that include

(g) fetching, from one of the one or more remotely-located devices, content metadata
applicable to the at least one of the additional application programs; program,

(h) comparing fetched metadata to locally stored metadata: metadata, and

(i) fetching new or updated content from the one of the one or more remotely-located
devices based upon the comparison.



39. (Currently amended) The apparatus device of claim 38, wherein the ACU application
program includes in fetch requests in steps (g) and (i) content identifications (IDs) required by
the one of the one or more remotely-located devices.



40. (Currently amended) The apparatus device of claim 725, wherein the ACU application
contains information about application programs in addition to the at least one local application
program used to create the secure communication link, and wherein the processor is further
configured to perform steps comprising: that include

(g) fetching, from multiple databases in one of the one or more the remotely-located
devices, metadata about multiple types of content.

41. (Currently amended) The apparatus device of claim 3+25, wherein

the ACU application contains information about application programs in addition
to the at least one local application program used to create the secure communication link, and

the ACU application program transmits requests containing properties used by
one of the one or more remotely-located devices to filter requests.

42. (Currently amended) The apparatus device of claim 3+25, wherein messages generated
by the ACU application program and communicated to the one of the one or more
remotely-located devices include a message identifier, a target database identifier, and a security level.

43. (Currently amended) The apparatus device of claim 42, wherein a first security level is
required to receive configuration information for the at least one VPN program and a second
security level is required to receive another type of information.

44. (Currently amended) The apparatus device of claim 42, wherein at least one message
generated by the ACU application program includes an element indicating that a the at least one
message is the a last message relating to a specific task.

45. (Currently amended) The apparatus device of claim 42, wherein the ACU application
program requests configuration information in a single message. 

46. (Currently amended) The apparatus device of claim 3+25, wherein the processor is
further configured to perform steps comprising: that include, upon receipt of a first response from
the remote device:

(g) validating and storing a returned certificate corresponding to one of the one or more
remotely-located devices so as to create a trust relationship with the that remotely-located device.

47. (Currently amended) The apparatus device of claim 46, wherein the processor is further
configured to perform steps comprising: that include

(h) using the returned certificate stored in step (g) to validate subsequent responses from
the that remotely-located device.

48. (Withdrawn) A server, comprising: 

an interface to a publicly accessible network; and 
a processor configured to perform steps comprising: 

(a) receiving requests from multiple users for configuration information for locally 
stored application programs used to create secure communication links to the server, the users 
being organized in a hierarchy of child, parent and grandparent groups, each group having a 
corresponding set of secure communication configuration data accessible by the server, each 
child group inheriting properties from its parent group, each parent group inheriting properties its 
grandparent group; 

(b) storing content associated with the groups, with information associated with a 
particular group being accessible to the particular group and to groups inheriting properties from 
the particular group; 

(b) providing configuration information to the users, the configuration information 
provided to each user comprising the configuration data set for each group from which the user 
inherits properties; 

(c) receiving requests from the users for content corresponding to other locally stored 
application programs; and 

(d) providing information to the users of a child group based on the groups from which 
the child group inherits properties. 

49. (New) The method of claim 22, wherein step (g) includes requiring input of multiple 
characters from a user of the wireless device. 

50. (New) The method of claim 49, wherein the multiple characters are a portion of an
identifier for the certificate corresponding to one of the one or more remotely-located devices. 

51. (New) The apparatus of claim 46, wherein step (g) includes requiring input of multiple 
characters from a user of the apparatus. 

52. (New) The apparatus of claim 51, wherein the multiple characters are a portion of an 
identifier for the certificate corresponding to one of the one or more remotely-located devices. 






